Category FILE
Started On 2019-02-11 15:17:42
Completed On 2019-02-11 15:28:07
Duration 625 seconds
Cuckoo Version 1.2

Machine WindowsXPSP3
Label WindowsXPSP3
Manager VirtualBox
Started On 2019-02-11 15:17:42
Shutdown On 2019-02-11 15:28:06

File Details

File name dgoodrick3_malware1.exe
File size 95744 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
CRC32 6E616B00
MD5 84d9c4663effc7a2edf1ca77eadef5eb
SHA1 2782f85b26ed96b518044358c9aef0b1e6ea884b
SHA256 e1b37df6102ac6f3e19ccf13fbabc403abba4548f17d5776e36b8c885e4e9a93
SHA512 b6838511f113f21812a5d041e290052235a7c904971539432c8fd4b0652f1db6e07ee27b21612870c9071141f10a4a0fc471dca7fd5d30d8f5fa155da15a11bb
Ssdeep 1536:geOmsWjcdW3j3eieiKciHzkLIED7j579Z8iSikh2PlEac8+a4k/U:geOJWT3eVciHzEp9Zuidc8F
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2019-02-10 04:38:29
Detection Rate: 49/70

Signatures

No signatures matched

Screenshots

Static Analysis

Sections

Imports

Strings

Dropped Files

dgoodrick3_malware1.exe

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\dgoodrick3_malware1.exe
Mutexes
  • IPKillerClient
Registry Keys
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Resilience Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Processes

dgoodrick3_malware1.exe PID: 276, Parent PID: 1996

iexplore.exe PID: 1000, Parent PID: 276

iexplore.exe PID: 268, Parent PID: 1000

Volatility

Nothing to display.